Love it or hate it, blockchain has become a playground for technologists. Blockchain also fuels criminal ecosystems through major hacking incidents.

In this talk, we aim to shed light on the most common bug types found in one of the main blockchain frameworks (Substrate) and provide insights and tools to find them.

Blockchain bugs present unique challenges for developers and security testers. Drawing from several hundred blockchain security issues we reported, we identified five common issue types. We discuss the potential impact of each issue type and provide practical tips for testing blockchain systems.

To promote accessibility to blockchain hacking, we release a fuzzer for Substrate-based chains. During the talk, we demo the fuzzer and showcase typical bugs, including arithmetic errors, reachable panics, and others.